Backdoor discovered on ZTE Score M Android smartphone

This site may earn affiliate commissions from the links on this page. Terms of use.

If anyone reading this owns a ZTE Score M Android smartphone, your device has been found to include a backdoor allowing root access without user authentication.

The discovery of the backdoor comes via a post on the text storage website Pastebin. It has since been confirmed via Reddit by Justin Case of Cunning Logic and TeamAndIRC. He has confirmed with someone at ZTE that the backdoor does indeed exist and that a fix is in the works.

The question that needs to be asked is, why is it there at all?

Apparently the handset includes a hard-coded password that allows access to a root shell, effectively opening up the phone to any person in possession of said password.

As the Score M is a Gingerbread phone available in the U.S. through MetroPCS, Google will surely be asking questions as to why such a back door was allowed to ship as part of the handset’s default install.

ZTE is a Chinese company counted as the fifth-largest telecoms equipment manufacturer in the world behind Ericsson, Huawei, Alcatel-Lucent, and Nokia Siemens Networks. It manufacturers a range of networking equipment alongside producing equipment for other companies as an original equipment manufacturer (OEM).

ZTE is no stranger to controversy and has been linked to bribing officials on several occasions in order to win contracts. What needs to be established now is whether the backdoor on the Score M was a deliberate inclusion, and if it was, what other ZTE products may also carry the same access.